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DETAILED ACTION 

1 . A response was received on 29 June 2007. By this response, no claims have 
been amended, added, or canceled. Claims 1-16 are currently pending in the present 

* 

application. 

Response to Arguments 

2. Applicant's arguments filed 29 June 2007 have been fully considered but they are 
not persuasive. 

Regarding the rejection of Claims 1-16 under 35 U.S.C. 102(e) as anticipated by 
Symons et al, US Patent Application Publication 2003/0105881, Applicant first alleges 
that there is a "fundamental distinction" between the cited art and the claims (pages 7-9 
of the present response). First, the Examiner notes that in this portion of Applicant's 
arguments, no citations of evidence in support of the various statements made therein 
are provided whatsoever. Further, in response to applicant's argument that the 
references fail to show certain features of applicant's invention (see page 9 of the 

I 

present response), it is noted that the features upon which applicant relies (i.e., to 
"assign at least two MAC addresses to every port of a network device" and that an 
embodiment "issues warning messages to users and to administrators to terminate the 
detection procedure") are not recited in the rejected claim(s). Although the claims are 
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interpreted in light of the specification, limitations from the specification are not read into 
the claims. See In re Van Geuns, 988 F.2d 1 181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

More specifically regarding independent Claims 1 , 7, and 12, Applicant further 
argues that the cited portions of Symons do not disclose the claimed subtracting step 
(or device processing unit that performs a subtracting step), whereby at least one 
unauthorized MAC address is obtained (see pages 10-11 and 13 of the present 
response). However, the Examiner respectfully disagrees. The Examiner believes that 
the cited portion of Symons discloses finding the difference between network topologies 
(where subtraction also results in a difference) that also results in detection of 
unauthorized (or reconfigured) devices (see Symons, particularly paragraph 0066). 

Regarding dependent Claims 2, 3, 8, 9, 13,' and 14, Applicant's arguments fail to 
comply with 37 CFR 1.1 1 1(b) because they amount to a general allegation that the 
claims define a patentable invention without specifically pointing out how the language 
of the claims patentably distinguishes them from the references. In particular, the 
arguments regarding those claims (pages 11-12 and 13-14 of the present response) do 
not cite any evidence in support of the allegations therein. 

Therefore, for the reasons detailed above, the Examiner maintains the rejections 
as set forth below. 

Specification 

3. The disclosure is objected to because of the following informalities: 
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The specification contains minor typographical and other errors. For example, 
the first sentence of the Abstract is a fragment. On page 2, line 28, it appears that "it" is 
intended to read "they" (where this appears to refer back to the MAC address and IP 
address in line 26). On page 2, it appears that there is a contradiction between 
"devices" in line 27 and "the device" in lines 29-30. On page 5, lines 21-22, it appears 
that "an unauthorized hardware devices" is intended to read "an unauthorized hardware 
device" or "unauthorized hardware devices". On page 6, line 27, it appears that 
language is missing from the phrase "As is known, is a commonly used service". 

Appropriate correction is required. Applicant's cooperation is requested in 
correcting any other errors of which applicant may become aware in the specification. 

Claim Rejections - 35 USC §112 

4. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

5. Claims 1-16 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

Claim 1 recites the limitation "calculating the number of MAC addresses of the 
filtered ports to acquire a second MAC address list". This is generally unclear; 
specifically, it is not clear how calculating a number of addresses actually accomplishes 
acquiring a list. Further, the claim recites the limitation "subtracting the number of ports 
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with more than two MAC addresses on the first MAC address list from the number of 
ports with more than two MAC addresses on the second MAC address list, thereby 
obtaining at least one unauthorized MAC address". First, it is not clear from the step of 
calculating (that allegedly acquires the second list) that there are any ports on the 
second list, and therefore it is not clear how the number of ports with more than two 
addresses on the second list is determined. Further, more generally, it is not explicitly 
clear from the claims or specification how subtracting the number of ports will obtain an 
unauthorized address. Additionally, it is not clear that subtracting the two numbers will 
always result in obtaining an unauthorized address, but the claim requires that. This 

renders the claim indefinite. 

Claim 2 recites the limitation "the unauthorized hardware devices" in line 2 of the 
claim. There is insufficient antecedent basis for this limitation in the claims. Further, the 
limitation "the IP address of the unauthorized hardware devices" in lines 6-7 of the claim 
is generally unclear, because there were multiple IP addresses of the unauthorized 
devices obtained in lines 2-4 of the claim, and therefore, it is not clear to which of these 
addresses "the IP address" is intended to refer. 

Claim 3 recites the limitations "the authorized hardware devices" and "the 
authorized network devices". There is insufficient antecedent basis for these limitations 
in the claims. 

Claim 7 recites the limitation "calculating the number of MAC addresses of the 
ports of the network devices to acquire a second MAC address list". First, there is 
insufficient antecedent basis for the limitation "the network devices" in the claim. 
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Further, this limitation is generally unclear; specifically, it is not clear how calculating a 
number of addresses actually accomplishes acquiring a list. Further, the claim recites 
the limitation "subtracting the number of ports with more than two MAC addresses on 
the first MAC address list from the number of ports with more than two MAC addresses 
on the second MAC address list, thereby obtaining at least one unauthorized MAC 
address". First, it is not clear from the previously described calculating (that allegedly 
acquires the second list) that there are any ports on the second list, and therefore it is 
not clear how the number of ports with more than two addresses on the second list is 
determined. Further, more generally, it is not explicitly clear from the claims or 
specification how subtracting the number of ports will obtain an unauthorized address. 
Additionally, it is not clear that subtracting the two numbers will always result in 
obtaining an unauthorized address, but the claim requires that. This renders the claim 
indefinite. 

Claim 8 recites the limitation "the unauthorized hardware devices" in line 2. 
There is insufficient antecedent basis for this limitation in the claims. 

Claim 12 recites the limitation "calculating the number of MAC addresses of the 
ports of the network devices to acquire a second MAC address list". First, there is 
insufficient antecedent basis for the limitation "the network devices" in the claim. 
Further, this limitation is generally unclear; specifically, it is not clear how calculating a 
number of addresses actually accomplishes acquiring a list. Further, the claim recites 
the limitation "subtracting the number of ports with more than two MAC addresses on 
the first MAC address list from the number of ports with more than two MAC addresses 
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on the second MAC address list, thereby obtaining at least one unauthorized MAC 
address". First, it is not clear from the step of calculating (that allegedly acquires the 
second list) that there are any ports on the second list, and therefore it is not clear how 
the number of ports with more than two addresses on the second list is determined. 
Further, more generally, it is not explicitly clear from the claims or specification how 
subtracting the number of ports will obtain an unauthorized address. Additionally, it is 
not clear that subtracting the two numbers will always result in obtaining an 
unauthorized address, but the claim requires that. This renders the claim indefinite. 

Claim 1 3 recites the limitation "the unauthorized hardware devices" in line 3. 
There is insufficient antecedent basis for this limitation in the claims. 

Claim 14 recites the limitation "the authorized network devices" in lines 2-3. 
There is insufficient antecedent basis for this limitation in the claims. 

Claims not specifically referred to above are rejected due to their dependence on 
a rejected base claim. 

Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
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only if the international application designated the United States and was published under Article 21 (2) 
of such treaty in the English language. 

7. Claims 1-16 are rejected under 35 U.S.C. 102(e) as being anticipated by Symons 
et al, US Patent Application Publication 2003/01 05881 . 

In reference to Claim 1 , Symons discloses a method for detecting unauthorized 
hardware devices in a local area network, where the method includes scanning ports of 
a plurality of hardware devices to retrieve MAC addresses thereof (paragraphs 0008- 
0010, 0019); filtering an uplink port on each of the hardware devices to acquire a first 
MAC address list (paragraphs 0024-0026, 0034, 0036); acquiring a second MAC 

* 

address list (paragraphs 0022, 0028-0030, 0034, 0036, 0055-0056); and subtracting 
(i.e. comparing and finding the difference between) the first MAC address list and the 
second MAC address list, thereby obtaining at least one unauthorized MAC address 
(paragraphs 0022, 0025-0026, 0048, 0058-0060, 0066). 

In reference to Claim 2, Symons further discloses comparing the MAC addresses 
of unauthorized hardware devices with MAC addresses in a routing entry table to obtain 
Internet Protocol (IP) addresses of the unauthorized hardware devices (paragraphs 
0037-0040, 0046, 0048) and acquiring user information for the unauthorized hardware 
devices by SNMP or WINS services in accordance with the IP addresses of the 
unauthorized hardware devices (paragraphs 0036, 0051). 

In reference to Claim 3, Symons further discloses that the ports of the hardware 
devices are recursively scanned by an authorized network device (paragraphs 0008- 
0010,0019,0023,0026). 
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In reference to Claim 4, Symons further discloses that MAC addresses of 
authorized hardware devices are stored in a database (paragraph 0028). 

In reference to Claim 5, Symons further discloses that the ports of authorized 

« • 

network devices are scanned by simple network management protocol (paragraphs 
0036, 0051). 

In reference to Claim 6, Symons further discloses that a simple network 
management protocol is used (paragraphs 0036, 0051). 

Claims 7-1 1 are directed to systems corresponding substantially to the methods 
of Claims 1-5, and are rejected by a similar rationale. 

Similarly, Claims 12-16 are directed to a software implementation of the methods 
of Claims 1-5, and are also rejected by a similar rationale. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Zachary A. Davis whose telephone number is (571) 272- 
3870. The examiner can normally be reached on weekdays 8:30-6:00, alternate 
Fridays off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 
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number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 

« 

For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 

i 

USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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zad Matthew smithers 
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